Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 12.9.0  Security Vulnerabilities
CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-10
CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions
CVSS Score
4.3
EPSS Score
0.001
Published
2020-06-09
CVE-2020-12277
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-29
CVE-2020-12275
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-29
CVE-2020-12276
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.
CVSS Score
4.8
EPSS Score
0.001
Published
2020-04-29
CVE-2020-11505
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-04-22
CVE-2020-11506
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-04-22
CVE-2020-11649
An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Members of a group could still have access after the group is deleted.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-04-22
CVE-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-03-27
CVE-2020-10955
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-03-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved